Unison’s layered approach to authentication provides the capability to combine authentication systems based on your needs, without having to make changes to your applications. For instance combine SAML2, banner acknowledgement and JIT provisioning to force federated users to accept terms and conditions before being provisioned into the system.
SSO can often have two meanings. The first is allowing a single login for multiple applications. The second providing a single login point with applications being able to determine who the user is using a common api. Unison provides both capabilities.
Once Unison authenticates the user, the user’s context needs to be injected into the application. Using Unison this can be done with simple headers or using Unison’s Last Mile system which sends a secure header to the application with all the needed information to validate the token. This eliminates the need for applications to “phone home” to a policy decision point to validate requests.